Re: IPSEC

From: Kerodo (loopback_at_localhost.com)
Date: 01/28/05

Next message: Alvaro Noreña: "Re: service principal name for the VMRC server could not be regist"
Previous message: Steven L Umbach: "Re: IPSEC"
In reply to: Steven L Umbach: "Re: IPSEC"
Next in thread: Steven L Umbach: "Re: IPSEC"
Reply: Steven L Umbach: "Re: IPSEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Jan 2005 17:27:19 -0800

In article <aeOdnZ5mBY-6DmTcRVn-sw@comcast.com>, n9rou@n0-spam-for-me-
comcast.net says...
> There is no way to do general logging with ipsec in Windows 2000. W2003 does
> offer some logging such as for dropped packets. You would need to use a
> software firewall such as Sygate to have some logging. Sygate is free for
> personal user, is a stateful firewall [unlike ipsec] , and has extensive
> logging capabilities. Ipsec is not meant to be a first line internet
> firewall. One weakness of a packet filtering firewall is that due to the
> rules it is possible for a user to scan your internal network by
> manipulating the source port of the scan. For instance you may be allowing
> all traffic from port 80 to your computer from the internet. I could use a
> program such as Supercan 4 to scan your network by using port 80 as the
> source port for my scan. A stateful firewall would not allow that. I think
> ipsec is great for what it is good at, particularly on the lan, but I would
> not use it as a permanent primary internet firewall. --- Steve

Thanks Steven, that's helpful. I'm very familiar with all the firewalls
out there today. I'm playing with ipsec mostly out of curiosity, to see
if I could find something to use as a packet filter that's ultra lite on
resources, mostly just for fun. Sounds like I'd be better off with
something like CHX-I, which also has stateful inspection.

If my ipsec rules only allow outbound traffic on remote port 80 (source:
my address, destination: any address), then wouldn't ipsec block any
incoming traffic from remote 80 if I also have a block all incoming rule
in place? Or does ipsec not care about the direction of the traffic?

-- 
Kerodo

Next message: Alvaro Noreña: "Re: service principal name for the VMRC server could not be regist"
Previous message: Steven L Umbach: "Re: IPSEC"
In reply to: Steven L Umbach: "Re: IPSEC"
Next in thread: Steven L Umbach: "Re: IPSEC"
Reply: Steven L Umbach: "Re: IPSEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Audit logons from outside local ip range
... > implement a software firewall to track logon attempts from unauthorized IP ... > address as you can with Ipsec filtering policy, ... > give you the kind of logging you want and is more difficult to configure ... >> I know how to setup enabling logging successful and unsuccessful logins. ...
(microsoft.public.windows.server.security)
Re: Hits just keep on coming! What does it mean?
... but you're not telling how you have configured your firewall - what ... Your machine sending some NetBIOS packet as a network ... and filter the rest - and filter very ... As for logging, I don't see much value in logging any of the packets ...
(comp.os.linux.security)
Re: IPSEC
... There is no way to do general logging with ipsec in Windows 2000. ... offer some logging such as for dropped packets. ... software firewall such as Sygate to have some logging. ...
(microsoft.public.win2000.general)
Re: IPSEC
... There is no way to do general logging with ipsec in Windows 2000. ... offer some logging such as for dropped packets. ... software firewall such as Sygate to have some logging. ...
(microsoft.public.win2000.security)
Re: IPSEC
... > software firewall such as Sygate to have some logging. ... Ipsec is not meant to be a first line internet ... One weakness of a packet filtering firewall is that due to the ...
(microsoft.public.win2000.general)